It was less than a month ago that news of the Log4j vulnerability called Log4Shell broke. The news and fixes around the zero-day vulnerability in Log4j, a popular Java logging framework, continue to come fast; as of today, January 5, the current guidance is to upgrade Log4j to 2.12.4 for Java 7 and 2.17.1 for Java 8+. In case you've been out of the loop, you can learn more about the situation in this blog post.
In the aftermath of Log4Shell, many have discussed how the situation feels similar to another zero-day vulnerability from nearly a decade ago: the Heartbleed bug. Heartbleed was a serious vulnerability that affected the popular OpenSSL cryptographic software library, and it first drew attention to the pressing need for better support for the often-volunteer independent maintainers of open source. How has the industry learned and improved since then?
Join us tomorrow, January 6 at 3 p.m. ET, as Tidelift solutions architect lead Mark Galpin shares insights into the Log4Shell vulnerability and discusses how things have changed since Heartbleed. He'll explain how the industry has improved and discuss ways we can continue addressing the underlying issues even better. He'll also show how Tidelift can help with these challenges, and answer questions about Log4Shell and Tidelift's recommendations for handling it. You can register here.
And if you're looking for more information about how to mitigate the impact of the Log4Shell vulnerability, here are a bunch of resources to help: